From 5152fef3e132cc8151593f3e6a61782d02c37f8a Mon Sep 17 00:00:00 2001
From: Mason Morales
Date: Mon, 29 Mar 2021 10:23:47 -0700
Subject: [PATCH] Add support for disabling and customizing the splunkd mgmt port
---
 roles/splunk/defaults/main.yml | 5 +++--
 roles/splunk/tasks/configure_custom_mgmt_port.yml | 13 +++++++++++++
 roles/splunk/tasks/configure_disable_mgmt_port.yml | 13 +++++++++++++
 roles/splunk/tasks/install_apps.yml | 2 +-
 roles/splunk/tasks/install_splunk.yml | 8 ++++++++
 5 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 roles/splunk/tasks/configure_custom_mgmt_port.yml
 create mode 100644 roles/splunk/tasks/configure_disable_mgmt_port.yml
diff --git a/roles/splunk/defaults/main.yml b/roles/splunk/defaults/main.yml
index 57fb2848..e6e20cde 100644
--- a/roles/splunk/defaults/main.yml
+++ b/roles/splunk/defaults/main.yml
@@ -25,7 +25,9 @@ splunk_secret_file: splunk.secret # Used to specify your splunk.secret filename(
 splunk_configure_authentication: false
 ad_bind_password: undefined # Use ansible-vault encrypt_string, e.g. ansible-vault encrypt_string --ask-vault-pass 'var_value_to_encrypt' --name 'var_name'
 splunk_authenticationconf: authentication.conf.j2
-splunk_use_initd: false # if set to false, the role will use systemd instead
+splunk_use_initd: false # If set to false, the role will use systemd instead
+splunk_disable_mgmt_port: false # If set to true, will disable splunkd management port during installation
+splunkd_port: 8089 # If changed, will overwrite the default port number used by splunkd
 git_local_clone_path: ~/ # Base directory under which repositories for app deplyoment should be cloned to
 git_server: undefined # e.g. ssh://git@mygithost:1234 - Note that this may be set in an all.yml group_var or inside the git_apps dictionary within host_vars
 git_key: undefined # Path to SSH key for cloning repositories - Note that this may be set in an all.yml group_var or inside the git_apps dictionary within host_vars
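Review bot: `splunkd_port: 8089` is an integer in the defaults, but the conditions this patch adds in configure_custom_mgmt_port.yml and install_splunk.yml compare it with the string `'8089'`. In Jinja2 an integer never equals a string, so with the role default the test is true and the custom-port task runs on every host, writing `mgmtHostPort` and notifying a restart. Normalise the type before comparing, in both places: `when: splunkd_port | int != 8089`. The comment on the default could also say that the value feeds `splunk_shc_uri_list` and the REST call in install_apps.yml, since anyone overriding it per host needs to know that.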
@@ -42,7 +44,6 @@ splunk_shc_label: myshc
 splunk_shc_rf: 3
 splunk_shc_rep_port: 8100
 splunk_shc_target_group: shc
-splunkd_port: 8089
 splunk_shc_deployer: "{{ groups['shdeployer'] | first }}" # If you manage multiple SHCs, configure the var value in group_vars
 splunk_shc_uri_list: "{% for h in groups[splunk_shc_target_group] %}https://{{ hostvars[h].ansible_fqdn }}:{{ splunkd_port }}{% if not loop.last %},{% endif %}{% endfor %}" # If you manage multiple SHCs, configure the var value in group_vars
 # Linux and scripting related vars
diff --git a/roles/splunk/tasks/configure_custom_mgmt_port.yml b/roles/splunk/tasks/configure_custom_mgmt_port.yml
new file mode 100644
index 00000000..90b13ac4
--- /dev/null
+++ b/roles/splunk/tasks/configure_custom_mgmt_port.yml
@@ -0,0 +1,13 @@
+---
+- name: Configure custom splunkd management port
+ ini_file:
+ path: "{{ splunk_home }}/etc/system/local/web.conf"
+ section: settings
+ option: mgmtHostPort
+ value: "0.0.0.0:{{ splunkd_port }}"
+ owner: "{{ splunk_nix_user }}"
+ group: "{{ splunk_nix_group }}"
+ mode: 0644
+ become: true
+ notify: restart splunk
+ when: splunkd_port != '8089'
diff --git a/roles/splunk/tasks/configure_disable_mgmt_port.yml b/roles/splunk/tasks/configure_disable_mgmt_port.yml
new file mode 100644
index 00000000..3bd021a8
--- /dev/null
+++ b/roles/splunk/tasks/configure_disable_mgmt_port.yml
@@ -0,0 +1,13 @@
+---
+- name: Disable splunkd management port
+ ini_file:
+ path: "{{ splunk_home }}/etc/system/local/server.conf"
+ section: httpServer
+ option: disableDefaultPort
+ value: "{{ splunk_disable_mgmt_port }}"
+ owner: "{{ splunk_nix_user }}"
+ group: "{{ splunk_nix_group }}"
+ mode: 0644
+ become: true
+ notify: restart splunk
+ when: splunk_disable_mgmt_port
diff --git a/roles/splunk/tasks/install_apps.yml b/roles/splunk/tasks/install_apps.yml
index 130c0757..1b88387f 100644
--- a/roles/splunk/tasks/install_apps.yml
+++ b/roles/splunk/tasks/install_apps.yml
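Review bot: In configure_custom_mgmt_port.yml the host part of `mgmtHostPort` is hard-coded to `0.0.0.0`, so the role offers no way to keep this setting on loopback or a single interface, and this is the port the role's REST call in install_apps.yml sends admin credentials to. The literal also differs from the loopback host that Splunk ships as the default for this setting, as far as I recall (worth confirming against web.conf.spec). Take the host from a role variable with a documented default instead of the literal. Separately, `mode: 0644` relies on YAML octal parsing and is better quoted, `mode: "0644"`. `splunkd_port` is written into the file unchecked, so an `assert` that it is an integer between 1 and 65535 would catch typos before the restart.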
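Review bot: In configure_disable_mgmt_port.yml the setting is one-way: the task is skipped whenever `splunk_disable_mgmt_port` is false, so a host that once received `disableDefaultPort` keeps it in server.conf after the variable is turned back off. Either add a counterpart task with `state: absent` for the false case, or always write the normalised value with `value: "{{ splunk_disable_mgmt_port | bool | lower }}"` and drop the guard here and on the include in install_splunk.yml. The bare `when: splunk_disable_mgmt_port` also depends on the variable being a real boolean; `when: splunk_disable_mgmt_port | bool` handles a string passed through extra vars. A comment on the default should note that REST-based tasks in this role, such as the SHC status call in install_apps.yml, need the port to be reachable.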
@@ -44,7 +44,7 @@
 - name: Get SHC status from first SH under the "target_shc_group_name" inventory group specified in the shdeployer host_vars
 uri:
- url: "https://{{ groups[target_shc_group_name] | first }}:8089/services/shcluster/status"
+ url: "https://{{ groups[target_shc_group_name] | first }}:{{ splunkd_port }}/services/shcluster/status"
 method: GET
 user: "{{ splunk_admin_username }}"
 password: "{{ splunk_admin_password }}"
diff --git a/roles/splunk/tasks/install_splunk.yml b/roles/splunk/tasks/install_splunk.yml
index bc8d769c..e7d62679 100644
--- a/roles/splunk/tasks/install_splunk.yml
+++ b/roles/splunk/tasks/install_splunk.yml
@@ -53,6 +53,14 @@
 - splunk_configure_authentication
 - ad_bind_password != 'undefined'
+- name: Include custom management port task
+ include_tasks: configure_custom_mgmt_port.yml
+ when: splunkd_port != '8089'
+
+- name: Include disable management port task
+ include_tasks: configure_disable_mgmt_port.yml
+ when: splunk_disable_mgmt_port
+
 - name: Include post-install tasks
 include_tasks: post_install.yml
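Review bot: `{{ splunkd_port }}` in the install_apps.yml URL is resolved from the variables of the host running the task, while the request goes to the first member of `target_shc_group_name`. If the port is overridden per host or per group the two can differ, and the status call then goes to the wrong port. Reading the target's own value keeps them aligned: `hostvars[groups[target_shc_group_name] | first].splunkd_port | default(splunkd_port)`. The task continues past the end of the hunk, so whether it sets `no_log` or certificate validation for the admin credentials it sends cannot be seen here.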
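Review bot: Each include added to install_splunk.yml repeats the `when` that is already on the only task inside the included file, so every guard has to be kept in sync in two places. Keep the condition on the include and drop it from the task, or the other way round. When both options are set, the port is customised and then disabled in the same run; an `assert` or a comment stating which one is meant to win would make that explicit.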